ZeroFox Weekly Intelligence Brief – September 27, 2025

ZeroFox Weekly Intelligence Brief – September 27, 2025

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EDT) on September 25, 2025; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

Europe’s Airlines and Critical Sectors Hit by Cyberattacks This Week

What we know:

• A ransomware attack disrupted operations at major European airports, including at Heathrow, Brussels, Berlin, Dublin, and Cork, affecting electronic check-in and baggage drop systems.
• The UK National Crime Agency (NCA) has arrested a suspect linked to the airport ransomware attack; the suspect was later released on conditional bail.
• Separately, Iranian hacker group Nimbus Manticore (also referred to as UNC1549 or Smoke Sandstorm) is targeting European defense, aerospace, and telecommunication companies for espionage purposes.
• Nimbus Manticore campaigns use phishing emails disguised as job applications that direct victims to fake career websites to deliver malware.

Threat Actors Are Spoofing FBI’s IC3 Website

What we know:

• The Federal Bureau of Investigation (FBI) has warned the public about fake Internet Crime Complaint Center (IC3) government websites.
• Threat actors are reportedly spoofing legitimate government websites to carry out illegal acts, such as stealing personal information and attempting financial scams.

Secret Service Uncovers SIM Card Farm near the U.N. Headquarters

What we know:

• The U.S. Secret Service has dismantled an illegal communications network in New York involving 100,000 SIM cards and 300 servers capable of sending 30 million texts per minute.
• The network was reportedly spread across facilities within a 35-mile radius of the U.N. headquarters.